12 matches found
CVE-2026-7836 hextoint macro uppercase bug
An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...
EUVD-2024-2653
Malicious code in bioql PyPI...
CVE-2025-1942
When String.toUpperCase caused a string to get longer, it was possible for uninitialized memory to be incorporated into the result string. This vulnerability affects Firefox 136 and Thunderbird 136...
GHSA-RPFR-3M35-5VX5 Hono CSRF middleware can be bypassed using crafted Content-Type header
Summary: Hono CSRF middleware can be bypassed using crafted Content-Type header. Details: MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. https://github.com/honojs/hono/blob/b0af71fbcc6dbe44140ea76f16d68dfdb32a99a0/src/middleware/csrf/index.ts#L16-L17 As a...
PT-2024-30656 · Hono · Hono
Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.5.8 Description: The Hono CSRF middleware can be bypassed using a crafted Content-Type header. This is due to the fact that MIME types are case insensitive, but the isRequestedByFormElementRe function only matches...
Inconsistent Display of Machine Names in Studio
Some machine names are displayed in lower case letters in the machine catalog, while all others are displayed in upper case letters. All machines have been created in the same way and were all added manually to the catalogue. The names are being displayed consistently in AD and the PVS console...
Radancy: Weak password
It takes ash123456789123456789 as a password, which is not secure. It can be cracked using dictionary, brute force, etc. attacks. Impact: If password complexity is not enforced, people may tend to put easily guessable passwords, which may be exploitable for a malicious user. Solution: To make it more...
Directory traversal
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name...
CVE-2007-0187
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name...
CVE-2000-0499
BEA WebLogic 3.1.8–4.5.1 is affected. The default configuration allows a remote attacker to view the source code of a JSP program by requesting a URL that exposes the JSP extension in upper case. Root cause: default config enables exposing JSP source. Impact: confidentiality of JSP source could b...
PT-2000-1435 · IBM · IBM WebSphere Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere server version 3.0.2 Description: The issue allows a remote attacker to view the source code of a JSP program. This can be achieved by requesting a URL that provides the JSP extension in upper case. Recommendations: For IBM...
PT-2000-1437 · BEA · BEA WebLogic
Name of the Vulnerable Software and Affected Versions: BEA WebLogic versions 3.1.8 through 4.5.1 Description: The default configuration of the software allows a remote attacker to view the source code of a JSP program. This can be achieved by requesting a URL that provides the JSP extension in...